DETAILED ACTION



This first non-final action is in response to the Request for Continued Examination filing 
of 05/23/2008. Claims 1-31 are pending and have been considered as follows. 

Examiner Note 

In light of the applicant's amendments, the examiner hereby withdraws his previous 
Specification Objection and his previous 35 U.S.C. 101 rejections with respect to Claims 18 & 
19. 

Claim Objections 

1. Claim 18 is objected to because of the following informalities:
Claim 18 line 5 recites the term "when" which should be omitted;

Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claim 17 is rejected under 35 U.S.C. 101 because the claimed invention is directed to
non-statutory subject matter.

Claim 17 recites "an apparatus" comprising "means for" where the "means for" appear to
be nothing more than computer program modules, thereby invoking 35 U.S.C. 101 as
non-statutory subject matter;



Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 17-19 are rejected under 35 U.S.C. 102(e) as being anticipated by Schuba et al. 
(US-6944663-B2). 

Claims 17-19: 

Schuba et al. disclose an apparatus for preventing an attack on a network and a computer- 
readable volatile or non-volatile medium storing one or more sequences of instructions 
comprising, 

"a processor" (i.e. "a computer system based on a microprocessor, a mainframe 
computer, a digital signal processor, a portable computing device, a personal organizer, a 
device controller, and a computational engine within an appliance") [column 3 lines 35-38];

"a computer-readable volatile or non-volatile medium having stored thereon one or more
stored sequences of instructions that are accessible to the processor" (i.e. "The data 
structures and code described in this detailed description are typically stored on a 
computer readable storage medium, which may be any device or medium that can store 
code and/or data for use by a computer system. This includes, but is not limited to, 
magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact 
discs) and DVDs (digital versatile discs or digital video discs)") [column 3 lines 10-12]; 

- "receiving a request to access a resource from a user" (i.e. "the system receives a request 
for service from a client 106 (step 202)") [column 3 lines 52-53]; 

"wherein the request includes an accumulated work value" (i.e. "the system generates a 
random number, y, and a transaction identifier, id.sub.1 (step 204). The system also
selects a value for the parameter, n, which specifies the amount of computational work 
involved in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 53- 
58]; 

- "determining whether the accumulated work value exceeds a required work threshold 
value" (i.e. "If id.sub.1 =id.sub.2 at step 218, the system computes h(x) (step 220). Next,
the system compares y and h(x) (step 222). If y=h(x), the client successfully solved the 
client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 35-39];

"if not, selectively requiring the user to perform a quantity of work as a condition for
accessing the resource" (i.e. "FIG. 2 is a flow chart illustrating the process of using a 
client puzzle in accordance with an embodiment of the present invention") [column 3 
lines 50-52]; 

"providing the user with access to the resource" (i.e. "Next, the system compares y and 
h(x) (step 222). If y=h(x), the client successfully solved the client puzzle, and the system 
performs the requested service for the client (step 224)") [column 4 lines 36-39]; 
- "determining an amount of accumulated work output value to provide to the user based 
on a volume of data communicated between the resource and the user" (i.e. "the system 
generates a random number, y, and a transaction identifier, id.sub.1 (step 204). The
system also selects a value for the parameter, n, which specifies the amount of 
computational work involved in computing the preimage x, such that h(x)=y (step 206)") 
[column 3 lines 53-58]; 

"providing the accumulated work output value to the user" (i.e. "The system also selects 
a value for the parameter, n, which specifies the amount of computational work involved 
in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 55-58].

Claim Rejections - 35 USC § 103

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 20, 24, & 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schuba et al. (US-6944663-B2). 

Claims 20, 24, & 28: 

Schuba et al. disclose an apparatus for preventing an attack on a network and a computer- 
readable volatile or non-volatile medium storing one or more sequences of instructions, as in 
Claims 17-19 above, further comprising, 

"determining whether a mathematical relationship of the current user identity value and 
the prior user identity value indicates that the user has possession of a resource secret" 
(i.e. "If id.sub.1 =id.sub.2 at step 218, the system computes h(x) (step 220). Next, the
system compares y and h(x) (step 222). If y=h(x), the client successfully solved the client 
puzzle, and the system performs the requested service for the client (step 224)") [column 
4 lines 35-39]. 
but they do not explicitly disclose, 

"wherein the request includes a prior user identity value and a current user identity 
value," although Schuba et al. do suggest two separate identifiers, as recited below;

however, they do disclose,

- "For example, if the parameters associated with the client (id.sub.1, n, y) are stored in a
database that is indexed by id.sub.1, a subsequent lookup using id.sub.2 will return
(id.sub.1, n, y) only if id.sub.1 =id.sub.2. Alternatively, if the lookup is based on client
identifiers, an explicit comparison of id.sub.1 and id.sub.2 needs to be performed"
[column 4 lines 29-34]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the request includes a prior user identity value and a 
current user identity value," in the invention as disclosed by Schuba et al. since it would be 
expected that a client/user may attempt to connect more than just once and accommodations need 
to be made to handle the scenarios where the client is legitimate and non-legitimate as is 
suggested by Schuba et al.

7. Claims 1, 2, 11, 15, & 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Schuba et al. (US-6944663-B2) in view of French et al. (US-6321339-B1).

Claim 1:

Schuba et al. disclose a method of preventing an attack on a network comprising, 

- "receiving a request to access a resource from a user" (i.e. "the system receives a request 
for service from a client 106 (step 202)") [column 3 lines 52-53];

"wherein the request includes an accumulated work value" (i.e. "the system generates a
random number, y, and a transaction identifier, id.sub.1 (step 204). The system also
selects a value for the parameter, n, which specifies the amount of computational work 
involved in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 53- 
58]; 

- "determining whether the accumulated work value exceeds a required work threshold 
value" (i.e. "If id.sub.1 =id.sub.2 at step 218, the system computes h(x) (step 220). Next,
the system compares y and h(x) (step 222). If y=h(x), the client successfully solved the 
client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 35-39]; 

"if not, requiring the user to perform a quantity of work as a condition for accessing the 
resource" (i.e. "FIG. 2 is a flow chart illustrating the process of using a client puzzle in 
accordance with an embodiment of the present invention") [column 3 lines 50-52];

"providing the user with access to the resource" (i.e. "Next, the system compares y and
h(x) (step 222). If y=h(x), the client successfully solved the client puzzle, and the system
performs the requested service for the client (step 224)") [column 4 lines 36-39];

"determining an amount of accumulated work output value to provide to the user based
on a volume of data communicated between the resource and the user" (i.e. "the system
generates a random number, y, and a transaction identifier, id.sub.1 (step 204). The
system also selects a value for the parameter, n, which specifies the amount of 
computational work involved in computing the preimage x, such that h(x)=y (step 206)") 
[column 3 lines 53-58];

"providing the accumulated work output value to the user" (i.e. "The system also selects
a value for the parameter, n, which specifies the amount of computational work involved 
in computing the preimage x, such that h(x)=y (step 206)") [column 3 lines 55-58]; 
but, they do not disclose, 

"wherein the accumulated work value represents a total amount of work previously 
performed by the user and accumulated across multiple prior requests," although French 
et al. do suggest combined authentication scores, as recited below; 

- "wherein the accumulated work output value represents a second amount of work 
performed by the user," although French et al. do suggest combined authentication 
scores, as recited below; 

however, French et al. do disclose,

- "The transaction record 112 (illustrated in FIGS. 13-16) initialized in step 22 is used
throughout the authentication process 10 to keep track of user input and authentication
results. After the appropriate queries have been processed and all results stored in the
transaction record 112, the transaction record 112 is used to determine an authentication
score with respect to the request. Step 56 calculates the total authentication score, and 
optionally, a score for each data source, data field, etc. The results are categorized as a 
big hit (B), a regular hit (R), a possible hit (P), or no hit (N) depending on results. Those 
results may then be combined with the results of second level authentication process 40 
to determine an overall authenticity certainty score, as illustrated in FIGS. 23-28 and 
discussed below" [column 14 lines 1-14];

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the
applicant's invention to include, "wherein the accumulated work value represents a total amount 
of work previously performed by the user and accumulated across multiple prior requests" and 
"wherein the accumulated work output value represents a second amount of work performed by 
the user," in the invention as disclosed by Schuba et al. for the purposes of providing categories 
of access based on values associated with authentication outcomes.

Claim 2:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in
Claim 1 above, their combination further disclosing,

- "determining whether a mathematical relationship of the current user identity value and 
the prior user identity value indicates that the user has possession of a resource secret" 
(i.e. "If id.sub.1 =id.sub.2 at step 218, the system computes h(x) (step 220). Next, the
system compares y and h(x) (step 222). If y=h(x), the client successfully solved the client 
puzzle, and the system performs the requested service for the client (step 224)") [column 
4 lines 35-39]. 

but they do not explicitly disclose, 

"wherein the request includes a prior user identity value and a current user identity 
value," although Schuba et al. do suggest separate identifiers, as recited below;

however, they do disclose,

- "For example, if the parameters associated with the client (id.sub.1, n, y) are stored in a
database that is indexed by id.sub.1, a subsequent lookup using id.sub.2 will return
(id.sub.1, n, y) only if id.sub.1 =id.sub.2. Alternatively, if the lookup is based on client
identifiers, an explicit comparison of id.sub.1 and id.sub.2 needs to be performed"
[column 4 lines 29-34]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the request includes a prior user identity value and a 
current user identity value," in the invention as disclosed by Schuba et al. and French et al. since 
it would be expected that a client/user may attempt to connect more than just once and 
accommodations need to be made to handle the scenarios where the client is legitimate and
non-legitimate as is suggested by Schuba et al.

Claim 11:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 1 above, their combination further disclosing,

- "receiving the accumulated proof of work value" (i.e. "If id.sub.1 =id.sub.2 at step 218,
the system computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If 
y=h(x), the client successfully solved the client puzzle, and the system performs the 
requested service for the client (step 224)") [column 4 lines 35-39].

Claim 15:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 1 above, their combination further disclosing, 

- "wherein requiring the user to perform a quantity of work as a condition for accessing the 
resource comprises requiring the user to hash a message until a specified number of bits 
are zero" (i.e. "Next, the system stores (id.sub.1, n, y) at server 102 (step 208) and sends
(id.sub.1, n, y) to client 106 (step 210). The system then allows client 106 to compute the
preimage x, such that h(x)=y (step 212). In one embodiment of the present invention, h is
a hash function, such as SHA1 or MD5, so that computing the preimage x given y
requires significantly more time than computing the hash function h(x) given x") [column 
3 lines 59-64]. 
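
An added illustration, not taken from this Office action or from the cited patents: the challenge/response flow quoted from Schuba et al. (steps 204-224), using the Claim 15 condition of hashing until a specified number of bits are zero. The names `PuzzleServer`, `solve`, `puzzle_hash` and `leading_zero_bits`, the use of SHA-256, and the single-use handling of each puzzle are assumptions of this sketch; the quoted Schuba text describes a preimage puzzle h(x)=y with SHA1 or MD5.

```python
import hashlib
import secrets


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def puzzle_hash(y: bytes, x: bytes) -> bytes:
    """Hash of the server challenge y followed by the client's answer x."""
    return hashlib.sha256(y + x).digest()


class PuzzleServer:
    """Server side: issue (id, n, y), later check the returned (id, x)."""

    def __init__(self) -> None:
        # Stored puzzle parameters, indexed by transaction identifier.
        self.pending = {}

    def issue(self, n: int):
        """Generate a random y and an identifier, store and return (id, n, y)."""
        tid = secrets.token_hex(8)
        y = secrets.token_bytes(16)
        self.pending[tid] = (n, y)
        return tid, n, y

    def verify(self, returned_id: str, x: bytes) -> bool:
        """One lookup and one hash: cheap for the server, costly for the client."""
        # Lookup by identifier: an unknown or already-used id returns nothing.
        # Assumption of this sketch: a puzzle is consumed on first use, so a
        # solved puzzle cannot be replayed and a wrong answer burns it.
        entry = self.pending.pop(returned_id, None)
        if entry is None:
            return False
        n, y = entry
        return leading_zero_bits(puzzle_hash(y, x)) >= n


def solve(n: int, y: bytes) -> bytes:
    """Client side: search for x; expected cost is about 2**n hash calls."""
    counter = 0
    while True:
        x = counter.to_bytes(8, "big")
        if leading_zero_bits(puzzle_hash(y, x)) >= n:
            return x
        counter += 1
```

Raising n by one doubles the client's expected work while the server's verification cost stays at a single hash.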

Claim 16: 

Schuba et al. disclose a method of preventing an attack on a network comprising, 

- "receiving a request to access a resource from a user" (i.e. "the system receives a request 
for service from a client 106 (step 202).") [column 3 lines 52-53]; 

"determining whether the accumulated work value exceeds a required work threshold 
value" (i.e. "If id.sub.1 =id.sub.2 at step 218, the system computes h(x) (step 220). Next,
the system compares y and h(x) (step 222). If y=h(x), the client successfully solved the 
client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 35-39]; 



Application/Control Number: 10/824,729 Page 13 

Art Unit: 2136 

"providing the user with access to the resource only when the accumulated work value 
exceeds a required work threshold value" (i.e. "If y=h(x), the client successfully solved 
the client puzzle, and the system performs the requested service for the client (step 224)") 
[column 4 lines 36-39]; 

but they do not disclose, 

- "wherein the request includes an accumulated work value that represents work that the 
resource has previously required the user to perform in order to obtain previous access to 
the resource," although French et al. do suggest combined authentication scores, as 
recited below; 

however, French et al. do disclose,

"The transaction record 112 (illustrated in FIGS. 13-16) initialized in step 22 is used
throughout the authentication process 10 to keep track of user input and authentication
results. After the appropriate queries have been processed and all results stored in the
transaction record 112, the transaction record 112 is used to determine an authentication
score with respect to the request. Step 56 calculates the total authentication score, and 
optionally, a score for each data source, data field, etc. The results are categorized as a 
big hit (B), a regular hit (R), a possible hit (P), or no hit (N) depending on results. Those 
results may then be combined with the results of second level authentication process 40 
to determine an overall authenticity certainty score, as illustrated in FIGS. 23-28 and 
discussed below" [column 14 lines 1-14];

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the
applicant's invention to include, "wherein the request includes an accumulated work value that 
represents work that the resource has previously required the user to perform in order to obtain 
previous access to the resource," in the invention as disclosed by Schuba et al. for the purposes 
of providing categories of access based on values associated with authentication outcomes.

8. Claims 3-10 & 12-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Schuba et al. (US-6944663-B2) in view of French et al. (US-6321339-B1) and in further view of
Juels et al. (US-7197639-B1).

Claim 3:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 1 above, further comprising,

"wherein H(i+1,x) is computed by the user as a hash chain from a non-shared user secret
(x)" (i.e. "Next, the system stores (id.sub.1, n, y) at server 102 (step 208) and sends
(id.sub.1, n, y) to client 106 (step 210). The system then allows client 106 to compute the
preimage x, such that h(x)=y (step 212). In one embodiment of the present invention, h is 
a hash function, such as SHA1 or MD5, so that computing the preimage x given y 
requires significantly more time than computing the hash function h(x) given x") [column 
3 lines 59-64];

"wherein H(n,x) = h(H(n-1,x))" (i.e. "If id.sub.1 =id.sub.2 at step 218, the system
computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If y=h(x), the 
client successfully solved the client puzzle, and the system performs the requested service 
for the client (step 224)") [column 4 lines 35-39]; 




"wherein n > 0 and H(0,x) = x" (i.e. "The parameter n is used to adjust the amount of 
work required to compute the preimage x. For example, the parameter n can be used as a 
parameter to the hash function h, which indicates both the size of the hash value 
generated by the hash function h, as well as the number of bits of x that are used in 
computing h(x)") [column 4 lines 3-8]; 

- "wherein function h is a one-way function that is difficult to invert" (i.e. "h is a hash 
function, such as SHA1 or MD5, so that computing the preimage x given y requires 
significantly more time than computing the hash function h(x) given x") [column 3 lines 
63-64]; 

- "receiving a current user identity value H(i,x)" (i.e. "Next, the system receives (id.sub.2, 
x) from the client (step 214), wherein id.sub.2 is an identifier returned by the client and x 
is the preimage of y computed by the client") [column 4 lines 20-22]; 

"verifying that the keyless user identity value properly identifies the user only upon 
determining that h(H(i,x)) = H(i+1,x)" (i.e. "If id.sub.1 =id.sub.2 at step 218, the system
computes h(x) (step 220). Next, the system compares y and h(x) (step 222). If y=h(x), the 
client successfully solved the client puzzle, and the system performs the requested service 
for the client (step 224)") [column 4 lines 35-39]; 
but they do not disclose,

"receiving a prior keyless user identity value H(i+1,x) in the request comprising a
one-time password," although Juels et al. do suggest a secret password, as recited below;

however, Juels et al. do disclose,

- "For example, after TCP-IP is established, the next higher protocol layer can demand a 
secret password or other form of authentication before proceeding with the execution of 
the server application" [column 13 lines 23-25];

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the
applicant's invention to include, "receiving a prior keyless user identity value H(i+1,x) in the
request comprising a one-time password," in the invention as disclosed by Schuba et al. and 
French et al. since "an adversary cannot pass through this security barrier. If this were not true, 
then the adversary would not be limited to disabling the server 120 through session-establishing 
resource depletion" [column 13 lines 27-30]. 
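
An added illustration, not part of this Office action or of the cited references: the hash-chain identity recited in Claim 3, with H(0,x) = x, H(n,x) = h(H(n-1,x)), and acceptance only when h(H(i,x)) = H(i+1,x). The names `ChainUser`, `Resource` and `chain_value`, the use of SHA-256 in place of the SHA-1 named in Claim 4, and the resource-side set of current chain tips are assumptions of this sketch.

```python
import hashlib
import hmac


def h(value: bytes) -> bytes:
    """One-way function h (SHA-256 here, an assumption of this example)."""
    return hashlib.sha256(value).digest()


def chain_value(x: bytes, i: int) -> bytes:
    """H(i, x), where H(0, x) = x and H(n, x) = h(H(n-1, x))."""
    value = x
    for _ in range(i):
        value = h(value)
    return value


class ChainUser:
    """Holds the non-shared secret x and walks the chain downward."""

    def __init__(self, secret: bytes, length: int) -> None:
        self.secret = secret
        self.i = length  # index of the value most recently disclosed

    def anchor(self) -> bytes:
        """H(N, x): the value registered with the resource before first use."""
        return chain_value(self.secret, self.i)

    def next_request(self):
        """Return (prior, current) = (H(i, x), H(i-1, x)) for one request."""
        # Stop at H(1, x): the next step would disclose H(0, x) = x itself.
        if self.i <= 1:
            raise RuntimeError("hash chain exhausted")
        prior = chain_value(self.secret, self.i)
        self.i -= 1
        current = chain_value(self.secret, self.i)
        return prior, current


class Resource:
    """Accepts a request only if current hashes to a known, unused prior."""

    def __init__(self) -> None:
        # Latest accepted chain value per user, keyed by the value itself
        # (bookkeeping assumed for this example).
        self.tips = set()

    def enroll(self, anchor: bytes) -> None:
        self.tips.add(anchor)

    def verify(self, prior: bytes, current: bytes) -> bool:
        # Replayed or fabricated priors are not in the tip set.
        if prior not in self.tips:
            return False
        # The check from Claim 3: h(H(i, x)) must equal H(i+1, x).
        if not hmac.compare_digest(h(current), prior):
            return False
        # Advance the tip so each chain value is usable once.
        self.tips.remove(prior)
        self.tips.add(current)
        return True
```

An observer who captures one (prior, current) pair can only hash forward to values that are no longer tips; producing the next acceptable value requires inverting h.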
Claim 4:

Schuba et al., French et al., and Juels et al. disclose a method of preventing an attack on a
network, as in Claim 3 above, their combination further disclosing,

"wherein h comprises a SHA-1 hash algorithm" (i.e. "h is a hash function, such as SHA1 
or MD5, so that computing the preimage x given y requires significantly more time than 
computing the hash function h(x) given x") [column 3 lines 63-64]. 

Claim 5: 

Schuba et al., French et al., and Juels et al. disclose a method of preventing an attack on a
network, as in Claim 3 above, their combination further disclosing,

"wherein n is between 10^4 and 10^6" (i.e. "The parameter n is used to adjust the amount
of work required to compute the preimage x. For example, the parameter n can be used as
a parameter to the hash function h, which indicates both the size of the hash value
generated by the hash function h, as well as the number of bits of x that are used in
computing h(x)") [column 4 lines 3-8].

Claim 6:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 3 above, their combination further disclosing, disclose a method of preventing an attack 
on a network, as in Claim 1 above, but their combination do not disclose, 

- "determining the required work threshold value based on a then-current capacity of the 
resource," although Juels et al. do suggest computational capacity used to determine 
computational size, as recited below; 

however, Juels et al. do disclose, 

- "the rate of connection buffer allocation and the likely computational capacity of one or 
more attacking clients 110 can be used to select the computational size of a particular
tasks when operating in a defensive mode" [column 7 lines 29-33]; 

Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "determining the required work threshold value based on a then- 
current capacity of the resource," in the invention as disclosed by Schuba et al. and French et al. 
for the purposes of assessing the likelihood of attack.

Claim 7:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 1 above, but their combination do not disclose, 

- "determining the required work threshold value based on a then-current capacity of the 
resource," although Juels et al. do suggest computational capacity determining 
computational size, as recited below; 

"requiring a first user who has an accumulated work value that is greater than the 
required work threshold value to perform a first amount of work as a condition for 
accessing the resource," although Juels et al. do suggest adjusting puzzle size/complexity, 
as recited below; 

"requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perform a second amount of work as a condition for 
accessing the resource," although Juels et al. do suggest adjusting puzzle size/complexity, 
as recited below; 

- "wherein the second amount of work is greater than the first amount of work," although 
Juels et al. do suggest adjusting puzzle size/complexity, as recited below; 

however, Juels et al. do disclose, 

"the rate of connection buffer allocation and the likely computational capacity of one or 
more attacking clients 110 can be used to select the computational size of a particular 
tasks when operating in a defensive mode" [column 7 lines 29-33];

"The client puzzle protocol also allows for graceful degradation in service when an attack
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "determining the required work threshold value based on a then- 
current capacity of the resource" and "requiring a first user who has an accumulated work value 
that is greater than the required work threshold value to perform a first amount of work as a 
condition for accessing the resource" and "requiring a second user who has an accumulated work 
value that is less than or equal to the required work threshold value to perform a second amount 
of work as a condition for accessing the resource" and "wherein the second amount of work is 
greater than the first amount of work," in the invention as disclosed by Schuba et al. and French 
et al. since the client puzzle protocol is used for controlling the rate of connection buffer 
allocation and the likely computational capacity in order to provide graceful degradation in 
service when an attack is mounted (i.e. denial of service attack).

Claim 8:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in
Claim 1 above, but their combination do not disclose,

"wherein the step of determining an amount of accumulated work output value is 
performed for a specified user only during a specified time period in which accumulating 
work is allowed for that specified user," although Juels et al. do suggest puzzle size 
adjustments, as recited below;

however, Juels et al. do disclose,

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the step of determining an amount of accumulated 
work output value is performed for a specified user only during a specified time period in which 
accumulating work is allowed for that specified user," in the invention as disclosed by Schuba et
al. and French et al. since the client puzzle protocol is used for controlling the rate of connection
buffer allocation and the likely computational capacity in order to provide graceful degradation 
in service when an attack is mounted (i.e. denial of service attack).

Claim 9:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in
Claim 1 above, but their combination do not disclose,

"wherein the step of determining an amount of accumulated work output value is 
performed for a specified user only if the current user identity value received from the 
user is not found in a list of user identity values that were previously received in a 
specified time period," although Juels et al. do suggest increasing puzzle size in response 
to an attack, as recited below;

however, Juels et al. do disclose,

- "The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "wherein the step of determining an amount of accumulated 
work output value is performed for a specified user only if the current user identity value 
received from the user is not found in a list of user identity values that were previously received 
in a specified time period," in the invention as disclosed by Schuba et al. and French et al. since 
the client puzzle protocol is used for controlling the rate of connection buffer allocation and the 
likely computational capacity in order to provide graceful degradation in service when an attack 
is mounted (i.e. denial of service attack).

Claim 10:

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in
Claim 1 above, but their combination do not disclose,

"digitally signing and providing a timestamp to the user with the accumulated work 
output value," although Juels et al. do suggest time stamping and usage of a secretly 
computed message authentication code residing as part of the other data, as recited 
below;

"wherein the step of determining an amount of accumulated work output value is
performed for a specified user," although Juels et al. do suggest client puzzles, as recited 
below; 

- "only upon: receiving the timestamp is received in a subsequent request," although Juels 
et al. do suggest usage of time stamps, as recited below; 

- "only upon: verifying the timestamp value," although Juels et al. do suggest usage of time 
stamps, as recited below; 

- "only upon: determining that the timestamp value is within an allowed range," although 
Juels et al. do suggest usage of time stamps, as recited below; 

however, Juels et al. do disclose, 

"This time stamp, or any other portion of seed data (SD) can be optionally authenticated 
with the use of a secretly computed message authentication code residing as part of the 
other data (OD) 530 portion of the seed data (500)" [column 19 lines 22-26]; 
"The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "digitally signing and providing a timestamp to the user with the 
accumulated work output value" and "wherein the step of determining an amount of accumulated 
work output value is performed for a specified user" and "only upon: receiving the timestamp is 
received in a subsequent request" and "only upon: verifying the timestamp value" and "only 
upon: determining that the timestamp value is within an allowed range," in the invention as 
disclosed by Schuba et al. and French et al. since "secretly computed message authentication 
code residing as part of the other data" may typically be "digitally signed and time stamped" 
information for verification, where a client puzzle protocol is used to control graceful 
degradation in service. 
Claim 12: 

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 

Claim 1 above, but their combination does not disclose, 

"a prior user identity value and a current user identity value in a cookie provided by the 
user to the resource," although Juels et al. do suggest a client puzzle protocol, as recited 
below; 

- "wherein determining an amount of accumulated work output value to provide to the user 
based on a volume of data communicated between the resource and the user comprises 
determining the amount of accumulated work as 2^k * p," although Juels et al. do suggest 
client puzzles, as recited below; 

"where k is a number of bits of work previously performed by the user and p is a number 
of messages or packets communicated between the user and the resource," although Juels 
et al. do suggest client puzzles, as recited below; 
however, Juels et al. do disclose, 

"the "client puzzle" protocol" [column 8 line 65]; 
"The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "a prior user identity value and a current user identity value in a 
cookie provided by the user to the resource" and "wherein determining an amount of 
accumulated work output value to provide to the user based on a volume of data communicated 
between the resource and the user comprises determining the amount of accumulated work as 
2^k * p" and "where k is a number of bits of work previously performed by the user and p is a 
number of messages or packets communicated between the user and the resource," in the 
invention as disclosed by Schuba et al. and French et al. since the client puzzle protocol is used 
for controlling the rate of connection buffer allocation and the likely computational capacity in 
order to provide graceful degradation in service when an attack is mounted (i.e. denial of service 
attack). 
Claim 13: 

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 

Claim 1 above, but their combination does not disclose, 

"providing the accumulated work output value in a cookie sent from the resource to the 
user," although Juels et al. do suggest client puzzles, as recited below; 

however, Juels et al. do disclose, 

"the "client puzzle" protocol" [column 8 line 65]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "providing the accumulated work output value in a cookie sent 
from the resource to the user," in the invention as disclosed by Schuba et al. and French et al. 
since the client puzzle protocol is used for controlling the rate of connection buffer allocation 
and the likely computational capacity in order to provide graceful degradation in service when an 
attack is mounted (i.e. denial of service attack). 
Claim 14: 

Schuba et al. and French et al. disclose a method of preventing an attack on a network, as in 
Claim 1 above, but their combination does not disclose, 

- "selectively increasing the required work threshold value for a particular user in response 
to congestion conditions of the resource," although Juels et al. do suggest adjusting client 
puzzle size in response to an attack, as recited below; 
however, Juels et al. do disclose, 

"The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "selectively increasing the required work threshold value for a 
particular user in response to congestion conditions of the resource," in the invention as 
disclosed by Schuba et al. and French et al. since the client puzzle protocol is used for 
controlling the rate of connection buffer allocation and the likely computational capacity in order 
to provide graceful degradation in service when an attack is mounted (i.e. denial of service 
attack). 

Claims 21-23, 25-27, & 29-31: 

Schuba et al. disclose an apparatus and a computer-readable storage medium storing one or more 
sequences of instructions, as in Claims 17-19 above, but they do not disclose, 

"determining the required work threshold value based on a then-current capacity of the 
resource," although Juels et al. do suggest computational capacity, as recited below; 
"requiring a first user who has an accumulated work value that is greater than the 
required work threshold value to perform a first amount of work as a condition for 
accessing the resource," although Juels et al. do suggest client puzzles, as recited below; 

- "requiring a second user who has an accumulated work value that is less than or equal to 
the required work threshold value to perform a second amount of work as a condition for 
accessing the resource," although Juels et al. do suggest client puzzles, as recited below; 

- "wherein the second amount of work is greater than the first amount of work," although 
Juels et al. do suggest client puzzles, as recited below; 

"determining an amount of accumulated work output value is operable for a specified 
user only if the current user identity value received from the user is not found in a list of 
user identity values that were previously received in a specified time period," although 
Juels et al. do suggest client puzzles, as recited below; 
"digitally signing and providing a timestamp to the user with the accumulated work 
output value," although Juels et al. do suggest time stamping and usage of a secretly 
computed message authentication code residing as part of the other data, as recited 
below; 

"determining an amount of accumulated work output value is operable for a specified 
user only upon: receiving the timestamp is received in a subsequent request," although 
Juels et al. do suggest usage of time stamps, as recited below; 

- "verifying the timestamp value," although Juels et al. do suggest usage of time stamps, as 
recited below; 

- "determining that the timestamp value is within an allowed range," although Juels et al. 
do suggest usage of time stamps, as recited below; 

however, Juels et al. do disclose, 

"the rate of connection buffer allocation and the likely computational capacity of one or 
more attacking clients 110 can be used to select the computational size of a particular 
tasks when operating in a defensive mode" [column 7 lines 29-33]; 
"The client puzzle protocol also allows for graceful degradation in service when an attack 
is mounted. The size of the puzzles can be increased as the progress of an attack advances 
closer to disabling the server. This enables the protocol to flex according to the scale of 
the attack" [column 9 lines 10-14]; 

"inside each correct sub-puzzle solution, and comparing the time stamp (DT) with the 
current time to check that the (sub)puzzle has not yet expired" [column 19 lines 20-22]; 
"This time stamp, or any other portion of seed data (SD) can be optionally authenticated 
with the use of a secretly computed message authentication code residing as part of the 
other data (OD) 530 portion of the seed data (500)" [column 19 lines 22-26]; 
Therefore, it would have been obvious for one of ordinary skill in the art at the time of the 
applicant's invention to include, "determining the required work threshold value based on a then- 
current capacity of the resource" and "requiring a first user who has an accumulated work value 
that is greater than the required work threshold value to perform a first amount of work as a 
condition for accessing the resource" and "requiring a second user who has an accumulated work 
value that is less than or equal to the required work threshold value to perform a second amount 
of work as a condition for accessing the resource" and "wherein the second amount of work is 
greater than the first amount of work" and "determining an amount of accumulated work output 
value is operable for a specified user only if the current user identity value received from the user 
is not found in a list of user identity values that were previously received in a specified time 
period" and "digitally signing and providing a timestamp to the user with the accumulated work 
output value" and "determining an amount of accumulated work output value is operable for a 
specified user only upon: receiving the timestamp is received in a subsequent request" and 
"verifying the timestamp value" and "determining that the timestamp value is within an allowed 
range," in the invention as disclosed by Schuba et al. since the client puzzle protocol is used for 
controlling the rate of connection buffer allocation and the likely computational capacity in order 
to provide graceful degradation in service when an attack is mounted (i.e. denial of service 
attack). 
Response to Arguments 

9. Applicant's arguments with respect to claims 1-15 have been considered but are moot in 
view of the new ground(s) of rejection as necessitated by the applicant's amendments. 

10. Applicant's arguments, see pages 16-18, filed 05/23/2008, with respect to the rejection(s) 
of claim(s) 16 under 35 U.S.C. 103(a) have been fully considered and are persuasive. Therefore, 
the rejection has been withdrawn. However, upon further consideration, a new ground(s) of 
rejection is made in view of newly found prior art reference(s). 

11. Applicant's arguments filed 05/23/2008 with respect to Claims 17-31 have been fully 
considered but they are not persuasive. 

- The applicant's remarks with respect to Claims 17-31 have been carefully considered, 
however, the currently written claim language for these limitations is broad enough to 
be interpreted as reading on the prior art of record as indicated in the rejections above; 
o The examiner notes that one interpretation of the "accumulated work value" 
would be the overall or current work value that the client/user is currently 
generating through its calculations of the "puzzle" solution; that is, as is currently 
claimed, the applicant's limitations appear to be directed towards the same "client 
puzzle" scheme as the prior art; further claim limitations, such as the 
amendments that were made to independent Claim 1 above, are not found in 
Claims 17-31 
Conclusion 

12. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Examiner Oscar Louie whose telephone number is 571-270-1684. 
The examiner can normally be reached Monday through Thursday from 7:30 AM to 4:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached at 571-272-4195. The fax phone number for 
Formal or Official faxes to Technology Center 2100 is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
Supervisory Patent Examiner, Art Unit 2136 



